session problem

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ravindarjobs
    New Member
    • May 2007
    • 86
    #1

    session problem

    Hi friends,

    I am designing a log in page. It contains user name and password fields, and a submit button.
    So user enters user id, password and clicks submit button and he will be logged in. He will be redirected to inbox page.

    Now if he click the logout button, he will be logged out and will be redirected to login page.
    This is the scenario.

    But my problem is after user cliked logout button, if he clicks back,forward buttons in Internet Explorer, he is still able to log in automatically.

    Infact my session creation approach may be very wrong. Please correct me

    My code is here

    Default.aspx :


    protected void Button1_Click(o bject sender, EventArgs e)
    {
    if (TextBox1.Text == "ravi" && TextBox2.Text == "programmer ")
    {
    Session["a"] = "session1";

    Response.Redire ct("Default2.as px");
    }
    }




    Default2.aspx :



    protected void Page_Load(objec t sender, EventArgs e)
    {
    if (Session["a"] == null)
    {

    Response.Redire ct("Default.asp x");
    }
    else
    {

    Response.Write( "welcome to page");

    }


    }
    protected void Logout_Click(ob ject sender, EventArgs e)
    {
    Session.Remove( "a");

    Response.Redire ct("Default.asp x");
    }
    Tags: None
    • shweta123
      Recognized Expert Contributor
      • Nov 2006
      • 692
      #2
      Hi,

      In order to solve your problem please write this line of code in Logout_Click() procedure :

      Code:
      Session.Abandon();
      This will abandon the session.

      Originally posted by ravindarjobs
      Hi friends,

      I am designing a log in page. It contains user name and password fields, and a submit button.
      So user enters user id, password and clicks submit button and he will be logged in. He will be redirected to inbox page.

      Now if he click the logout button, he will be logged out and will be redirected to login page.
      This is the scenario.

      But my problem is after user cliked logout button, if he clicks back,forward buttons in Internet Explorer, he is still able to log in automatically.

      Infact my session creation approach may be very wrong. Please correct me

      My code is here

      Default.aspx :


      protected void Button1_Click(o bject sender, EventArgs e)
      {
      if (TextBox1.Text == "ravi" && TextBox2.Text == "programmer ")
      {
      Session["a"] = "session1";

      Response.Redire ct("Default2.as px");
      }
      }




      Default2.aspx :



      protected void Page_Load(objec t sender, EventArgs e)
      {
      if (Session["a"] == null)
      {

      Response.Redire ct("Default.asp x");
      }
      else
      {

      Response.Write( "welcome to page");

      }


      }
      protected void Logout_Click(ob ject sender, EventArgs e)
      {
      Session.Remove( "a");

      Response.Redire ct("Default.asp x");
      }

        Comment

        • ravindarjobs
          New Member
          • May 2007
          • 86
          #3
          Thank you for response.

          No, it didnt solve my problem. when i click back button in IE after logout, still it allows user automatically to inbox page(welcome page).

          is my session creation approach is correct?
          or should i make other way?

          Originally posted by shweta123
          Hi,

          In order to solve your problem please write this line of code in Logout_Click() procedure :

          Code:
          Session.Abandon();
          This will abandon the session.

            Comment

            • Curtis Rutland
              Recognized Expert Specialist
              • Apr 2008
              • 3264
              #4
              Originally posted by ravindarjobs
              Thank you for response.

              No, it didnt solve my problem. when i click back button in IE after logout, still it allows user automatically to inbox page(welcome page).

              is my session creation approach is correct?
              or should i make other way?
              I've run into a problem like this before. When you click back, the browser is most likely using the cached page, not reloading it. Therefore, the Page_Load code isn't being run. The session is destroyed (if you use the Session.Abandon () method), but the cached pages remain on the local machine. If you were to refresh the browser after you click back, it should behave in the manner expected.

              I'm not quite sure how to fix that. What I did to overcome this was include a function on my master page to check if the session is valid on Page_Load. That way, they could go "Back" and "Forward" all they want, but if they clicked any link or caused a postback, they would get bounced back to the login page.

                Comment

                • kenobewan
                  Recognized Expert Specialist
                  • Dec 2006
                  • 4871
                  #5
                  Have you tried redirecting the page after abandoning the session? .Net 2.0 does a better job with the login status control.

                    Comment

                    • ravindarjobs
                      New Member
                      • May 2007
                      • 86
                      #6
                      hi friends this has helped me:

                      Originally posted by forums.asp.net
                      Put the following code in the pages you don't want client browser to cache.

                      Response.CacheC ontrol = "no-cache";
                      Response.Expire s = -1;

                        Comment

                        Previous template Next
                        Working...